johnmahugu

python sniffer with icmp

Jun 3rd, 2015
  1. import socket
  2. import os
  3. import struct
  4. import threading
  5.  
  6. from ctypes import *
  7.  
# Address of the local interface the raw socket is bound to (see the
# sniffer.bind((host, 0)) call below). The value is hard-coded for one
# machine; it must be an address assigned to the capture host, otherwise
# bind() fails.
host = "192.168.0.187"
  10.  
  11.  
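class IP(Structure):
    """Fixed 20-byte part of an IPv4 header, decoded from raw packet bytes.

    The structure is filled with ``from_buffer_copy``, so the caller must pass
    at least ``sizeof(IP)`` bytes; a shorter buffer raises ``ValueError``.
    Everything read here comes straight off the wire and is untrusted:
    ``ihl`` in particular is attacker-controlled and has to be validated
    before it is used as an offset into the packet.

    Attributes set by ``__init__``:
        src_address / dst_address: dotted-quad strings.
        protocol: "ICMP", "TCP" or "UDP", else the protocol number as a string.

    NOTE(review): ``Structure`` uses the host's native byte order, so the
    16-bit fields (``len``, ``id``, ``offset``, ``sum``) are not converted
    from network order, and the ``ihl``/``version`` bit-field order matches
    little-endian hosts. Convert before relying on those values.
    """

    # Fixed-width types only. c_ulong is 8 bytes on 64-bit Linux/macOS, which
    # makes the structure larger than the 20-byte slice handed to it and
    # causes from_buffer_copy() to fail; c_uint32 is 4 bytes everywhere.
    _fields_ = [
        ("ihl", c_ubyte, 4),
        ("version", c_ubyte, 4),
        ("tos", c_ubyte),
        ("len", c_ushort),
        ("id", c_ushort),
        ("offset", c_ushort),
        ("ttl", c_ubyte),
        ("protocol_num", c_ubyte),
        ("sum", c_ushort),
        ("src", c_uint32),
        ("dst", c_uint32),
    ]

    def __new__(self, socket_buffer=None):
        # Copy the header bytes into a new instance; raises ValueError when
        # the buffer is shorter than the structure.
        return self.from_buffer_copy(socket_buffer)

    def __init__(self, socket_buffer=None):
        # map protocol constants to their names
        self.protocol_map = {1: "ICMP", 6: "TCP", 17: "UDP"}

        # human readable IP addresses
        self.src_address = socket.inet_ntoa(struct.pack("<L", self.src))
        self.dst_address = socket.inet_ntoa(struct.pack("<L", self.dst))

        # human readable protocol; unknown numbers fall back to the number
        # itself (a dict lookup with a default instead of a bare except).
        self.protocol = self.protocol_map.get(
            self.protocol_num, str(self.protocol_num)
        )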
  45.  
  46.  
  47.  
class ICMP(Structure):
    """First eight bytes of an ICMP message as a ctypes structure.

    Built with ``from_buffer_copy``; a buffer shorter than ``sizeof(ICMP)``
    raises ``ValueError``. Only ``type`` and ``code`` are single bytes; the
    16-bit fields are read in the host's native byte order.

    NOTE(review): the ``unused`` / ``next_hop_mtu`` names look like the
    Destination Unreachable layout; for other message types these four
    bytes presumably carry something else - confirm before using them.
    """

    _fields_ = [
        ("type", c_ubyte),
        ("code", c_ubyte),
        ("checksum", c_ushort),
        ("unused", c_ushort),
        ("next_hop_mtu", c_ushort),
    ]

    def __new__(cls, socket_buffer):
        # All decoding happens here: the bytes are copied into the instance.
        instance = cls.from_buffer_copy(socket_buffer)
        return instance

    def __init__(self, socket_buffer):
        """Nothing to derive; the fields are already populated by __new__."""
  63.  
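# Create a raw socket and bind it to the chosen interface. Opening a raw
# socket needs elevated privileges (Administrator on Windows, root or
# CAP_NET_RAW on Linux), so run this only on hosts and networks you are
# authorised to monitor.
if os.name == "nt":
    socket_protocol = socket.IPPROTO_IP
else:
    socket_protocol = socket.IPPROTO_ICMP

sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)

# Tracks whether promiscuous mode was actually switched on, so the cleanup
# below only undoes what this script did.
promiscuous = False

try:
    sniffer.bind((host, 0))

    # we want the IP headers included in the capture
    sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

    # if we're on Windows we need to send some ioctls
    # to setup promiscuous mode
    if os.name == "nt":
        sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
        promiscuous = True

    while True:
        # read in a single packet (65535 is the largest possible IPv4 packet)
        raw_buffer = sniffer.recvfrom(65535)[0]

        # Packet contents are untrusted: a truncated header would make
        # from_buffer_copy() raise and stop the capture, so skip it.
        if len(raw_buffer) < 20:
            continue

        # create an IP header from the first 20 bytes of the buffer
        ip_header = IP(raw_buffer[0:20])

        print("Protocol: %s %s -> %s" % (ip_header.protocol, ip_header.src_address, ip_header.dst_address))

        # if it's ICMP we want it
        if ip_header.protocol == "ICMP":
            # The ICMP header starts after the IP header, whose length is
            # given in 32-bit words. Values below 5 words are malformed.
            offset = ip_header.ihl * 4
            buf = raw_buffer[offset:offset + sizeof(ICMP)]
            if offset < 20 or len(buf) < sizeof(ICMP):
                continue

            # create our ICMP structure
            icmp_header = ICMP(buf)

            print("ICMP -> Type: %d Code: %d" % (icmp_header.type, icmp_header.code))

# handle CTRL-C
except KeyboardInterrupt:
    pass
finally:
    # Runs on CTRL-C and on any other error, so the interface is never left
    # in promiscuous mode and the socket is always released.
    if promiscuous:
        sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
    sniffer.close()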